Targeted Threat Protection Logs

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015
Version 1

Targeted Threat Protection builds on Mimecast’s security services to protect organizations against the growing threat posed by advanced phishing and spear-phishing attacks in inbound email. Protection applies on every end user device and application from which a link is accessed, and full logging provides administrative visibility, real-time alerts and auditing of user clicks.

 

Targeted Threat Protection is available to customers utilizing the latest Gateway.

 

Viewing the Logs

The log displays a real-time view of the last thirty days of URL clicks by end users.

 

To view the Targeted Threat Protection logs:

 

  1. Navigate to Monitoring | Targeted Threat Protection:
    ttpLogs1.png

Use the “Search” box to perform a free text search for either email addresses or URLs. Use the date picker to select a filtered view by date.

 

Just above the search bar, the following buttons are available:

Button | Description
Go Back | Returns to the Targeted Threat Protection Dashboard
Export Data | Allows Administrators to export various log information in either .csv or .xls format
View | Displays various actions and triggers
URL Decode | Allows Administrators to decode the Targeted Threat Protection URLs

 

The various columns shown are:

 

Column | Description
Email Address | Returns to the Targeted Threat Protection Dashboard
URL | Allows Administrators to export various log information in either .csv or .xls format
Definition | Displays various actions and triggers
Action Triggered | Allows Administrators to decode the Targeted Threat Protection URLs
Admin Override | Displays whether the Admin overrode the policy
Scan Results | Displays the results from the scan engine; malicious or clean
User Override | Displays whether the user clicked continue to the URL or not
Category | Displays categories derived from scanning
Date Time | Displays the date and time of the incident

 

Click on an individual log entry to display the full URL and a consolidated view of its associated log detail:

ttpLogs2.png

Use the “Add to Allow” and “Add to Block” buttons to auto-create entries in the Allow and Block override lists.

 

Export Data

The Export Data button allows Administrators to export the various columns of the Targeted Threat Protection logs:

 

ttpExportData1.png

 

Format

Administrators can export the file as either:

  • .csv
  • .xls

 

Export

Administrators have the option of exporting the information by either:

  • Download
  • Send Mail

Once completed, click Export.
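Once a .csv export is downloaded, it can be triaged offline. The following is an added example, not Mimecast code: it lists clicks where Scan Results is malicious and a user or admin override is recorded. It assumes the export's header row uses the column names listed above and that override columns contain Yes/No; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names follow the columns listed on this
# page; the Yes/No values and the timestamp layout are assumptions.
SAMPLE_EXPORT = """\
Email Address,URL,Definition,Action Triggered,Admin Override,Scan Results,User Override,Category,Date Time
alice@example.com,http://login.example.net/reset,Default,Warn,No,malicious,Yes,Phishing,2015-09-10 09:14:02
bob@example.com,http://news.example.org/a,Default,Allow,No,clean,No,News,2015-09-10 09:20:41
alice@example.com,http://login.example.net/reset,Default,Warn,No,malicious,No,Phishing,2015-09-10 09:13:40
carol@example.com,http://files.example.net/inv.zip,Default,Block,Yes,malicious,No,Malware,2015-09-10 10:02:17
"""

REQUIRED = ("Email Address", "URL", "Scan Results", "User Override",
            "Admin Override", "Date Time")

def _yes(value):
    return (value or "").strip().lower() in {"yes", "y", "true"}

def risky_clicks(csv_text):
    """Rows scanned as malicious that also record a user or admin override."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    findings = []
    for row in reader:
        if (row["Scan Results"] or "").strip().lower() != "malicious":
            continue
        reasons = [name for name in ("User Override", "Admin Override")
                   if _yes(row[name])]
        if reasons:
            findings.append({"user": (row["Email Address"] or "").strip().lower(),
                             "url": row["URL"], "when": row["Date Time"],
                             "reasons": reasons})
    return findings

def by_user(findings):
    """Group findings per mailbox, oldest first, for follow-up with each user."""
    grouped = defaultdict(list)
    for f in sorted(findings, key=lambda f: f["when"]):
        grouped[f["user"]].append(f)
    return dict(grouped)

if __name__ == "__main__":
    for user, hits in by_user(risky_clicks(SAMPLE_EXPORT)).items():
        for h in hits:
            print(user, h["when"], h["url"], ",".join(h["reasons"]))
```

Adjust `REQUIRED` and the accepted override values to match the header row and values of a real export before relying on the results.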

 

View

Use the “View” pull-down to filter the logs according to each column:

ttpView1.png

URL Decoder

As an Administrator you may want to see the real URL without clicking on it.

 

Click the URL Decoder button at the top of the dashboard to decode URLs modified by Mimecast: 

ttpDecode1.png

 

The following buttons are available:

Button | Description
Go Back | Returns to the Targeted Threat Protection Dashboard
Add Decoded URL to Allow | Allows Administrators to allow the decoded URL
Add Decoded URL to Block | Allows Administrators to block the decoded URL

 

To decode a URL:

  1. Enter the rewritten URL in the rewritten URL field.
  2. Click Submit.
  3. The original URL is displayed in the Decoded URL field.
